
Dealing with cyber crime

CSO magazine recently released the 2010 Cyber Security Watch survey of over 500 respondents from both the public and private sector. In reading through the answers, I was not surprised to find several results that are cause for alarm. Of course, it’s always difficult to draw conclusions from survey results, and you should realize that I am not really interested in a rigorous analysis of the survey information. Rather, it’s simply a vehicle for discussing a significant shift in the threat environment and what security approaches companies can take to manage the risks they face.
Some of the results I found interesting:
• 58% of the respondents considered themselves more prepared to deal with cyber security threats today compared to 12 months ago; 37% considered themselves at the same level of preparedness.
• Over 75% of respondents either reported that monetary losses from cyber security events remained the same or weren’t sure.
• Only 6% of the respondents cited organized crime as the most significant threat to their organization.
• Of the organizations that experienced cyber security events that caused financial loss or cost during the preceding 12 months, only 28% found these events to be aimed specifically at them.
What strikes me is that there is a degree of complacency and a sense that status quo security measures such as perimeter protection, signature-based detection and log monitoring are good enough. However, the current reality is that cyber crime is becoming increasingly sophisticated and is fueled by growing profits. A significant shift is taking place in the threat environment: cyber criminals are targeting organizations, using advanced techniques to gain a persistent presence in IT environments, and attacking corporate business processes for financial gain. Companies face major risk exposure in a number of areas including brand damage, regulatory penalties and data breach liability.
Let’s look at some examples of what’s going on in this changing threat environment.
• Financial fraud is a leading money-maker, with unauthorized bank transactions and credit card charges taking place with stolen credentials. Common techniques to steal credentials range from data theft to key-logging malware. A widespread example of this is the Zeus Trojan.
• Cyber criminals are using social engineering techniques and taking advantage of the growing amount of personal data on the web to target particular companies, business processes and even individuals within an organization.
• Crime is organized and specialized. Large businesses exist to sell zero-day exploits, malware packages and exploit kits. In a testament to the lack of effectiveness of signature-based security measures such as IDS/IPS and anti-virus, many of these packages have been tested to ensure that they are not detectable.
• The scope of targets is expanding. Attackers are using their presence within corporate IT networks to perform reconnaissance and identify and steal high value information such as source code, strategic planning documents and design data.
Given these trends in the threat environment, what measures can be taken by security teams within corporations? I believe the only effective method to combat cybercrime is through risk management. This means shifting the focus from building an impermeable perimeter to protecting the information and data that drive the business. Security and business group teams need to prioritize risks based on their likelihood and business impact and then allocate resources and technology accordingly. A simple way to think about this is that it is no longer a matter of keeping the bad guys out. We have to assume that they will get in. We just have to make sure they don’t leave with anything that is valuable.
